Compare commits

...

34 Commits

Author SHA1 Message Date
gashapwn
20c2dcbb6f README.md - updated install instructions 2021-03-08 03:19:27 +00:00
gashapwn
57f1085901 added bookdl.pl for downloading books from lainchan 2021-03-08 03:06:33 +00:00
gashapwn
87d1998186 added new .gitignore for json files 2021-03-07 23:23:53 +00:00
gashapwn
f6e1723d3d provision.pl - fixed an escape 2021-03-07 03:05:41 +00:00
gashapwn
d184c69bc4 provision.pl - forgot a file extension 2021-03-07 02:58:41 +00:00
gashapwn
4be664be38 provision.pl - fixing strange problem with relative directories when installing ngircd 2021-03-07 02:41:48 +00:00
gashapwn
821e0ab9d4 provision.pl -- added ngircd and configuration 2021-03-07 02:20:35 +00:00
gashapwn
2d9e582c00 added ngircd.conf 2021-03-07 02:07:23 +00:00
gashapwn
508bbee90b provision.pl - added flag to pull from non-prod branch 2021-03-06 23:48:20 +00:00
gashapwn
b0a547308f .gitignore - adding more test file patterns 2021-03-06 23:21:04 +00:00
gashapwn
1924d66f43 ngircd-ctl.pl - fixed status command 2021-03-06 22:47:30 +00:00
gashapwn
bd187d6964 added ngircd-ctl script 2021-03-06 20:50:09 +00:00
gashapwn
25123376b3 provision.pl - added bash 2021-03-02 20:16:44 +00:00
gashapwn
51e5753902 provision.pl - i think Flask install is working again 2021-03-02 19:47:38 +00:00
gashapwn
d6cc9c5673 provision.pl - komm susser todd 2021-03-02 19:31:29 +00:00
gashapwn
b54c33a442 provision.pl - garbage garbage garbage 2021-03-02 19:24:38 +00:00
gashapwn
a0d7006146 provision.pl - pip3 is garbade 2021-03-02 19:19:34 +00:00
gashapwn
bd9f37a5c7 requirements.txt - fsck fsck fsck fsck 2021-03-02 18:59:16 +00:00
gashapwn
e03153516c provision.pl - replacing pip package with OS package 2021-03-02 18:54:54 +00:00
gashapwn
2017145a4f provision.pl - changing depdendencies for py crypto 2021-03-02 18:48:22 +00:00
gashapwn
7e853ec18e provision.pl - added rust depdendency 2021-03-02 18:31:16 +00:00
gashapwn
983bb3b55e provision.pl - removed password login 2021-03-02 17:18:06 +00:00
gashapwn
8d93df3368 provision.pl - adjust root login regex 2021-03-02 16:53:54 +00:00
gashapwn
572d0ba0a7 provision.pl - disable root login... clean up comments... nopass doas.conf... clobber warning 2021-03-02 16:02:22 +00:00
gashapwn
656183e45b provision.pl - Add prompt for user creation 2021-03-02 15:35:53 +00:00
gashapwn
b1a69ac103 create_user.pl - fixing some newlines 2020-12-29 04:58:33 +00:00
gashapwn
de10cf77bc create_user.pl + provision.pl - updated usage info stuff 2020-12-29 04:51:33 +00:00
gashapwn
b30ebc7f23 create_user.pl - fixed filename test 2020-12-29 04:16:03 +00:00
gashapwn
00e09fd15e create_user.pl - fixed shell enum for STDIN use case 2020-12-29 04:11:50 +00:00
gashapwn
4f4217d4f8 provision.pl - hardcoding URLs to a testing branch like an idiot 2020-12-29 04:06:00 +00:00
gashapwn
37d034767a provision.pl - added JSON perl dependency 2020-12-29 03:58:55 +00:00
gashapwn
3bf739cbe7 create_user.pl - refactored create_user.pl so it can be run with STDIN instead of a file 2020-12-29 03:44:14 +00:00
gashapwn
e71775bf17 provision.pl - wget pulls in user create because vultr 2020-12-20 07:39:34 +00:00
gashapwn
8cfc3140cc provision.pl - added user creation prompt because vultr 2020-12-20 01:59:38 +00:00
8 changed files with 328 additions and 35 deletions

1
.gitignore vendored
View File

@ -3,6 +3,7 @@ test/*
*~
test_*.txt
*/p[0-9].pl
[0-9].pl
notes.txt
user_list.txt
.#*

View File

@ -9,13 +9,13 @@
Run the below command to automatically provision the tilde instance
```
pkg_add wget && wget 'https://git.lain.church/gashapwn/lyadmin/raw/branch/master/perl-script/provision.pl' -O - | perl
pkg_add wget && wget 'https://git.lain.church/gashapwn/lyadmin/raw/branch/master/perl-script/provision.pl'; perl provision.pl
```
or
```
pkg_add wget && wget 'https://s.lain.la/wrMJw' -O - | perl
pkg_add wget && wget wget 'https://s.lain.la/wrMJw'; perl provision.pl
```
After the scripts run, haproxy, the Flask app for user requests (lingyind) and apache will all be installed and started.

1
perl-script/.gitignore vendored Normal file
View File

@ -0,0 +1 @@
*.json

92
perl-script/bookdl.pl Normal file
View File

@ -0,0 +1,92 @@
#!/usr/bin/perl
binmode STDOUT, ":utf8";
use warnings;
use strict;
use JSON;
my $THREAD_NO;
my $URL_PREFIX;
my $FN;
my $OUT_DIR;
my %jh;
my @a1;
$URL_PREFIX = "https://lainchan.org/lit/src/";
$THREAD_NO = 4953;
$FN = "$THREAD_NO.json";
$OUT_DIR = "./dl/";
# Read JSON with list of files
open FILE, "<", $FN or die "could not open file";
do{
my $json_str;
local $/=undef;
$json_str = <FILE>;
chomp $json_str;
%jh = %{JSON->new()->decode($json_str)};
};
close FILE;
# anonymous function that returns a list
# of tuples of the below form:
# (file_name, file_url)
@a1 = sub{
my @a0;
my @a2;
my $f1;
# filters for file types we
# dont want to downloads
sub f1 {
return $_[0]->{"ext"} && !($_[0]->{"ext"} =~ /jpe?g/);
}
sub f2 {
return !($_[0]->{"ext"} =~ /png/);
}
sub f3 {
return !($_[0]->{"ext"} =~ /gif/);
}
sub f4 {
return !($_[0]->{"ext"} =~ /webm/);
}
sub f0 {
return f1($_[0]) && f2($_[0]) && f3($_[0]) && f4($_[0])
}
# create an array of files
# that meet our file ext requirement
@a0 = grep {f0($_)} @{$jh{"posts"}};
# do the same filter on the
# extra_files attribute
@a2 = grep {
f0($_)
} map {
@{$_->{"extra_files"}}
} grep {
$_->{"extra_files"}
} @{$jh{"posts"}};
# Return our tuple
return map {
[
sprintf("%s%s", $_->{"filename"}, $_->{"ext"}), # file_name
sprintf("%s%s%s", $URL_PREFIX, $_->{"tim"}, $_->{"ext"}) # file_url
]
} (@a0, @a2);
}->();
# Print a list of wget commands from our tuples
for my $i1 (@a1){
printf("wget -N %s -O '%s%s'\n", scalar $i1->[1], $OUT_DIR, scalar $i1->[0]);
}

View File

@ -0,0 +1,45 @@
[Global]
Name = tildezero.xyz
AdminInfo1 = null
AdminInfo2 = null
AdminEMail = null@null.tld
Info = priv8 pls go away
# MotdFile = /etc/ngircd/ngircd.motd
ServerGID = irc
ServerUID = _ngircd
Ports = 6667
[Limits]
MaxConnections = 50
MaxJoins = 5
[Options]
PAM = no
PredefChannelsOnly = no
RequireAuthPing = no
SyslogFacility = local5
;WebircPassword = webpwd
# Security related settings, useful for running servers with high anonimity, disable if desired
Ident = no
# Global password for all users needed to connect to the server
# Password = abc
# Set this hostname for every client instead of the real one.
# Use %x to add the hashed value of the original hostname.
CloakHost = tildezero.xyz
# Set every clients' user name to their nickname
CloakUserToNick = yes
# Do dns lookup when a user connects
DNS = no
# Enhance user privacy slightly (useful for IRC server on TOR or I2P)
# by censoring some information like idle time, logon time, etc.
MorePrivacy = yes
# Silently drop all incoming CTCP requests
ScrubCTCP = yes
#[Operator]
# Name = someuser
# Password = somepassword

View File

@ -19,41 +19,61 @@ my @g;
# Given a username... prompts and creates that user
sub create($){
my $id = $_[0];
my $id;
my $fn1 = $account_dir.$id.".ident";
my $fn1;
my $username;
my $shell_pref;
my $user_email;
my $pub_key;
my $p0;
# Prompts...
$p0 = [
"Enter username: ",
"Enter pubkey: "
];
$fn1 = "";
if($_[0]){
$id = $_[0];
$fn1 = $account_dir.$id.".ident";
open IN0, $fn1 or die "could not open file $fn1";
$p0 = [ map("", @{$p0}) ];
}else{
*IN0 = *STDIN;
}
# read in username and validate
open FILE, $fn1 or die "could not open file $fn1";
$username = <FILE>;
printf($p0->[0]);
$username = <IN0>;
chomp $username;
if(length($username) > 31 || !($username =~ /^[A-Za-z][A-Za-z0-9]+$/)){
printf("%s has an INVALID username\n", $id);
printf("%s is an INVALID username\n", $id);
die ("oh no");
}
# read in email
$user_email = <FILE>;
$user_email = $_[0] ? <IN0> : "";
chomp $user_email;
# read in shell and validate
{
my $s0 = <FILE>;
my $s0;
$s0 = $_[0] ? <IN0> : "SHELL_KSH";
chomp $s0;
unless($SHELL_ENUM->{$s0}){
die "invalid shell setting $s0 in file $id.ident";
die "invalid shell setting $s0";
}
$shell_pref = $SHELL_ENUM->{$s0};
}
# read in pub key
$pub_key = <FILE>;
printf($p0->[1]);
$pub_key = <IN0>;
chomp $pub_key;
{
@ -70,10 +90,10 @@ sub create($){
system($cmd);
system("echo '".$pub_key."' > /home/$username/.ssh/authorized_keys");
system("chmod 711 /home/$username");
system("mv $fn1 $fn1.done");
system("test $fn1 && mv $fn1 $fn1.done");
system("echo $username >> $ul_path");
}
close FILE;
close IN0;
}
# MAIN starts here
@ -92,7 +112,12 @@ if( `pwd` =~ /perl-script\/?\s*$/){
$ul_path = $working_dir."user_list.txt";
printf("%s\n", $conf_path);
}elsif(!(join(" ", glob("./*")) =~ /perl-script/)){
die "please run this script with ./perl-script/ as the present working directory";
$SHELL_ENUM = {"SHELL_KSH" => "/bin/ksh"};
create(0);
printf("admin user is now configured\n");
printf("run the below command to continue the install\n");
printf("pkg_add wget && wget 'https://git.lain.church/gashapwn/lyadmin/raw/branch/master/perl-script/provision.pl' -O - | perl");
die "\n\n";
}
# Opens the conf file to read
@ -117,4 +142,3 @@ close FILE;
for my $fn (@g){
create($fn);
}

33
perl-script/ngircd-ctl.pl Normal file
View File

@ -0,0 +1,33 @@
#!/usr/bin/perl
use warnings;
use strict;
my @MY_ARGV = @ARGV;
my $MY_ACMD = shift || "";
my $NGIRCD='ngircd';
my $NGIRCD_UID = 703;
my $NGIRCD_UN = "_ngircd";
my $ERROR = 0;
my $USAGE = "Usage: ngircd-ctl (start|status|stop)";
my $PERM_ERR = "must run as $NGIRCD_UN\nplease run using: doas -u $NGIRCD_UN\n";
unless( getpwuid( $< ) =~ /$NGIRCD_UN/ ){
die $PERM_ERR;
}
if ($MY_ACMD eq "stop"){
$ERROR = system("pkill -u $NGIRCD_UID -x $NGIRCD");
}elsif($MY_ACMD eq "start"){
$ERROR = system("$NGIRCD");
}elsif($MY_ACMD eq "status"){
$ERROR = system("pgrep -u $NGIRCD_UID $NGIRCD");
printf("%s(ok)\n", $NGIRCD) if ($ERROR == 0);
}elsif($MY_ACMD eq "help"){
printf("$USAGE\n");
}else{
printf("$USAGE\n");
}

View File

@ -12,7 +12,10 @@ use strict;
# gashapwn
# Nov 2020
my $DEV_FLAG = shift || "";
my $GIT_REPO = 'https://git.lain.church/gashapwn/lyadmin.git';
my $GIT_BRANCH = length($DEV_FLAG) > 0 ? "-b gasha-branch " : "";
my ($REPO_DIR) = $GIT_REPO =~ /\/([^\/]*)\.git$/;
my $INST_DIR = "/tilde";
@ -23,6 +26,54 @@ my $pwuid;
my $admin_un;
my $admin_home_dir;
# Given a username... prompts and creates that user
sub create(){
my $id;
my $username;
my $user_email;
my $pub_key;
my $p0;
# Prompts...
$p0 = [
"Enter username: ",
"Enter pubkey: "
];
# read in username and validate
printf($p0->[0]);
$username = <STDIN>;
chomp $username;
if(length($username) > 31 || !($username =~ /^[A-Za-z][A-Za-z0-9]+$/)){
printf("%s is an INVALID username\n", $id);
die ("oh no");
}
# read in pub key
printf($p0->[1]);
$pub_key = <STDIN>;
chomp $pub_key;
{
# Prompt to make sure the username looks OK
my $cmd;
$cmd = "useradd -m " . $username;
printf("Y/N is this command OK?: %s\n", $cmd);
if(!(<STDIN> =~ /^y/i)){
die "provision cancelled...";
}
# create the user
system($cmd);
system("echo '".$pub_key."' > /home/$username/.ssh/authorized_keys");
system("chmod 711 /home/$username");
}
}
# Make sure we're running as root
$pwuid = getpwuid( $< );
@ -30,18 +81,20 @@ if($pwuid ne "root"){
die "script must be run as root";
}
# Check /etc/passwd for the username created during
# installation
if( ($admin_un) = `tail /etc/passwd | grep -v "nobody:"` =~ /([^:\n]+):[^:]+:[0-9]{4,}/){
printf("admin user will be set to %s\n", $admin_un);
}else{
die "create a non-root user & set user passsword before running this script."
# Make sure script is provisioning a fresh instance
# and doesn't clobber users existing configs
printf("This script is meant to be run on a fresh install\n");
printf("Y/N OK to proceed?");
if(!(<STDIN> =~ /^y/i)){
die "provision cancelled...";
}
$admin_home_dir = "/home/$admin_un";
# grant doas access to admin user
system("echo 'permit $admin_un' > /etc/doas.conf");
unless( ($admin_un) = `tail /etc/passwd | grep -v "nobody:"` =~ /([^:\n]+):[^:]+:[0-9]{4,}/){
printf("to provision the instance there must be a non root user with an authorized_keys file");
printf("creating user...\n");
create();
}
# install git
system("pkg_add git");
@ -53,22 +106,31 @@ system("chown $SVC_ACCT:$SVC_ACCT $INST_DIR");
chdir $INST_DIR;
# clone repo
system("su $SVC_ACCT -c 'git clone $GIT_REPO'");
system("su $SVC_ACCT -c 'git clone $GIT_BRANCH$GIT_REPO'");
chdir $REPO_DIR;
# Copy the skel directory
system("mkdir ./skel/public_html/cgi");
system("cp -r ./skel/* /etc/skel/");
# Check /etc/passwd for the username created during
# installation
if( ($admin_un) = `tail /etc/passwd | grep -v "nobody:"` =~ /([^:\n]+):[^:]+:[0-9]{4,}/){
# grant doas access to admin user
system("echo 'permit nopass $admin_un' > /etc/doas.conf");
# setup admin user
system("cp -r ./skel/* /home/$admin_un/");
system("chown -R $admin_un:$admin_un /home/$admin_un");
system("echo $admin_un >> ./user_list.txt");
}
# Setup the virtual environment
system("pkg_add python3");
system("pkg_add python3 openssl rust bash");
printf("generating virtual enviornment...\n");
system("su $SVC_ACCT -c 'python3 -m venv venv'");
printf("running pip. can take up to 3 minutes due to slow compilation.\n");
system("su $SVC_ACCT -c '. ./venv/bin/activate && python3 -m pip install --upgrade pip'");
system("su $SVC_ACCT -c '. ./venv/bin/activate && pip3 install -r requirements.txt'");
system("cp ./perl-script/conf/lingyin.rc /etc/rc.d/lingyind");
@ -111,5 +173,40 @@ system("cp ./perl-script/conf/haproxy.cfg /etc/haproxy/haproxy.cfg");
system("rcctl enable haproxy");
system("rcctl start haproxy");
# Install and configure ngircd and delegation
system("pkg_add ngircd");
# irc group is used for granting permissions
# to irc admins
system("groupadd irc");
system("usermod -G irc _ngircd");
# allow doas for irc admins
system("echo 'permit nopass :irc as _ngircd' >> /etc/doas.conf");
# Copy over our conf file to /etc
# and set permissions
chdir "$INST_DIR/$REPO_DIR";
system("chmod 750 /etc/ngircd");
system("cp ./perl-script/conf/ngircd.conf /etc/ngircd/ngircd.conf");
system("chmod -R 660 /etc/ngircd/*");
system("chown -R _ngircd:irc /etc/ngircd/");
# copy over our admin script and set permissions
system("cp ./perl-script/ngircd-ctl.pl /usr/local/sbin/ngircd-ctl");
system("chown _ngircd:irc /usr/local/sbin/ngircd-ctl");
system("chmod 770 /usr/local/sbin/ngircd-ctl");
# Disable root login
system("sed -i -e 's/^[^#]*PermitRootLogin.*\$/PermitRootLogin no/' /etc/ssh/sshd_config");
system("sed -i -e 's/^PasswordAuthentication.*\$//' /etc/ssh/sshd_config");
system("echo 'PasswordAuthentication no' >> /etc/ssh/sshd_config");
system("rcctl restart sshd");
printf("\n\nInstall complete\n");
printf("==================================================\n");
printf("Protip: use doas instead of sudo\n");
printf("root login and password login is now disabled, so dont forget\nto set a password\n");
printf("and test your pub key\n");
printf("dont forget to setup your ssh pub key at /home/$admin_un/.ssh/authorized_keys\n");